Watch Out, Watch Out...
There's MP3 spam about!

Yes, you read that right, I started to receive spam e-mails that only have an MP3 [Audio] file attached, no body text.
At first I thought it was a new ploy by the malware authors, but after a quick check, the attachments were real MP3 files [LAME encoded].
So, I bit the bullet and played it, and lo and behold it was an audio version of the 'Pump-n-Dump' scams that we have been used to seeing. The one I listened to was of poor audio quality, in fact the woman sounded a bit like a Dalek! ;-)
Although as far as I can remember there were no lady Daleks, well not in the one-eyed motorised dustbin version, that came complete with kitchen utensils [egg whisk], plumbing tools [sink plunger] and a built-in CO2 fire extinguisher anyway [see picture].
More on this later when I'm back in the office.
UPDATE:
I didn't have any time yesterday to follow up on this posting as I was out all day giving a couple of guest lectures at a UK University. However, it now seems that I was the first one to report this new move by the spammers, as the other reports and news items about it didn't start to appear until around mid-day [UK time] on the 18th.
The gangs behind these 'pump-n-dump' scam spam runs have been very inventive so far, as they have already used graphical spam, animated graphical spam, subliminal animated graphical spam, Word document spam, Excel spreadsheet spam and finally PDF/FDF [Adobe Acrobat] spam. This list doesn't include the basic ASCII [Text] and HTML spam they still use, as well as the ZIP and RAR files used as containers for many of the file formats they have used.
I wonder what they'll try next? Video spam?
Here are some links to some of the other coverage of this move to using Audio spam:
There are also lots of news items appearing based on information supplied from the above, especially from my friend Graham Cluley who works for Sophos.
Addendum: Here's a link to one of the MP3 spam audio files I received, so that you can hear it yourself. However, please don't fall for the scam, you won't buy the stock offered will you?
For the techies out there, the file is encoded at 16Kbps. Most MP3 music files are encoded between 128-256Kbps.
As a final thought, I suppose you could call this a genuine product of a spam robot? ;-)
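The two checks mentioned in the post (that the attachment really is an MP3, and what bitrate it is encoded at) can be done by reading the MPEG audio frame header. This is an added Python example, not part of the original post; the function names, the 64 kbps threshold and the sample bytes are assumptions made for illustration.

```python
import struct

# Layer III bitrate tables (kbps), indexed by the header's 4-bit bitrate field.
KBPS_MPEG1 = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320]
KBPS_MPEG2 = [0, 8, 16, 24, 32, 40, 48, 56, 64, 80, 96, 112, 128, 144, 160]
# Sample rates (Hz) keyed by the 2-bit version field: 3=MPEG-1, 2=MPEG-2, 0=MPEG-2.5.
SAMPLE_RATES = {3: [44100, 48000, 32000], 2: [22050, 24000, 16000], 0: [11025, 12000, 8000]}

# Constructed sample: two empty MPEG-2 Layer III frames, 16 kbps, 16 kHz, mono.
SAMPLE_16K = (b"\xff\xf3\x28\xc0" + bytes(68)) * 2

def skip_id3v2(data):
    """Return the offset of the first byte after an ID3v2 tag, or 0 if none."""
    if len(data) >= 10 and data[:3] == b"ID3":
        size = 0
        for b in data[6:10]:              # 28-bit "syncsafe" size, 7 bits per byte
            size = (size << 7) | (b & 0x7F)
        return 10 + size + (10 if data[5] & 0x10 else 0)  # flag 0x10 = footer present
    return 0

def parse_frame(data, pos):
    """Parse a Layer III frame header at pos; return (kbps, frame_len) or None."""
    if pos + 4 > len(data):
        return None
    (hdr,) = struct.unpack(">I", data[pos:pos + 4])
    if hdr >> 21 != 0x7FF:                # 11-bit frame sync
        return None
    version, layer = (hdr >> 19) & 3, (hdr >> 17) & 3
    br_idx, sr_idx, padding = (hdr >> 12) & 0xF, (hdr >> 10) & 3, (hdr >> 9) & 1
    if version == 1 or layer != 1 or br_idx in (0, 15) or sr_idx == 3:
        return None                       # reserved value, free format, or not Layer III
    kbps = (KBPS_MPEG1 if version == 3 else KBPS_MPEG2)[br_idx]
    coeff = 144 if version == 3 else 72   # Layer III frame-length constant
    return kbps, coeff * kbps * 1000 // SAMPLE_RATES[version][sr_idx] + padding

def mp3_bitrate(data, scan_limit=4096):
    """Return kbps of the first frame that is followed by a second valid frame."""
    start = skip_id3v2(data)
    for pos in range(start, min(len(data), start + scan_limit)):
        first = parse_frame(data, pos)
        if first and parse_frame(data, pos + first[1]):
            return first[0]
    return None                           # no two consecutive frames: not an MP3

def looks_like_audio_spam(data, threshold_kbps=64):
    """Assumed heuristic: a real MP3 encoded well below typical music bitrates."""
    kbps = mp3_bitrate(data)
    return kbps is not None and kbps < threshold_kbps
```

Requiring a second valid frame at the computed offset is what separates a genuine MP3 from arbitrary data that happens to contain the sync pattern. A low bitrate on its own only marks the attachment for a closer look, since legitimate voice recordings are also encoded at low bitrates.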




2 Comments:
Loving the Dalek picture! But how come my name gets quotes around it? You make me sound fictional! Smirk
Hi Graham, No you definitely are not a figment of my imagination, as I know you exist! ;-)
Seeing this spam run reminded me of the time Dr. Solomon's had a Dr Who stand at Infosec, I think and you had me up on the stage, complete with a plunger and egg-whisk ;-)
I have de-quoted your name, although you are still italicised.
Thanks for dropping by.